Lucene search
K

230 matches found

Nuclei
Nuclei
added 12 hours ago18 views

ArForms < 6.6 - Remote Code Execution

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form id: CVE-2024-4620 info: name: ArForms 6.6 - Remote Code Execution autho...

9.8CVSS6.1AI score0.03345EPSS
Exploits2References1
NVD
NVD
added 2026/06/29 3:16 p.m.10 views

CVE-2026-57338

Unauthenticated Cross Site Scripting XSS in ARForms = 7.1.2 versions...

7.1CVSS0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 1:36 p.m.18 views

CVE-2026-57338

CVE-2026-57338 concerns the WordPress ARForms plugin, specifically versions &lt;= 7.1.2, which are affected by an unauthenticated cross-site scripting (XSS) vulnerability. Multiple connected sources consistently describe this as an XSS flaw in ARForms

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.35 views

CVE-2026-57338 WordPress ARForms plugin <= 7.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in ARForms = 7.1.2 versions...

7.1CVSS0.00146EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/24 12:35 p.m.9 views

WordPress ARforms plugin <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by h0xilo in WordPress Plugin ARForms versions = 7.1.3...

7.2CVSS5.8AI score0.0019EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/24 4:17 a.m.10 views

CVE-2026-3652

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.0019EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:29 a.m.6 views

CVE-2026-3652

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS6AI score0.0019EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 2:29 a.m.9 views

EUVD-2026-38644

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS6AI score0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 2:29 a.m.38 views

CVE-2026-3652 ARForms <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting via 'value' Parameter

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.0019EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51650

Name of the Vulnerable Software and Affected Versions ARForms versions prior to 7.1.4 Description Insufficient input sanitization and output escaping in the ARForms plugin allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS. By exploiting the value parameter of the arf save...

7.2CVSS6AI score0.0019EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/26 2:56 p.m.6 views

CVE-2024-13785

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

5.6CVSS6.2AI score0.00268EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/24 8:31 a.m.13 views

WordPress ARForms plugin <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution vulnerability

Unauthenticated Blind Arbitrary Shortcode Execution vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin ARForms Form Builder versions = 1.7.2...

5.6CVSS5.8AI score0.00268EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/21 6:30 a.m.6 views

EUVD-2024-55483

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

5.6CVSS6.2AI score0.00268EPSS
Exploits0References3
NVD
NVD
added 2026/03/21 4:16 a.m.6 views

CVE-2024-13785

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

5.6CVSS0.00268EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.2 views

CVE-2024-13785 Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

5.6CVSS6.2AI score0.00268EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.29 views

CVE-2024-13785 Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

5.6CVSS0.00268EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.4 views

CVE-2024-13785

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

5.6CVSS6.2AI score0.00268EPSS
Exploits0References3
CVE
CVE
added 2026/03/21 3:26 a.m.20 views

CVE-2024-13785

The ARForms WordPress plugin (The Contact Form, Survey, Quiz & Popup Form Builder) is vulnerable to arbitrary shortcode execution in all versions up to 1.7.2. Root cause: the software executes do_shortcode after validating input improperly, enabling unauthenticated attackers to run arbitrary shor...

5.6CVSS6.2AI score0.00268EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.8 views

WordPress plugin ARForms 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...

5.6CVSS6.2AI score0.00268EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/18 8:16 a.m.6 views

WordPress ARForms plugin <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability

Unauthenticated Stored Cross-Site Scripting via arfhttpreferrerurl vulnerability discovered by drop in WordPress Plugin ARForms Form Builder versions = 1.5.8...

7.2CVSS5.5AI score0.00374EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder